#VU9463 Information disclosure in Cisco Jabber - CVE-2017-12361

Cybersecurity Help s.r.o.

Published: 2017-11-30

Vulnerability identifier: #VU9463

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-12361

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Cisco Jabber
Client/Desktop applications / Messaging software

Vendor: Cisco Systems, Inc

Description

The disclosed vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to the way Cisco Jabber for Windows handles random number generation for file folders. A local attacker can fix the random number data used to establish Secure Sockets Layer (SSL) connections between clients and decrypt secure communications made by the Cisco Jabber for Windows client.

Successful exploitation of the vulnerability may result in further attacks.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Cisco Jabber: 11.8.0 - 11.8.3

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Cisco Jabber